Um, I want to introduce the next speaker. It's Gerfried Fuchs, Rhonda. He's going to talk about the Austrian e-health system, a lot of projects. So give a warm welcome.

Hello. Like I was introduced, my name is Gerfried Fuchs. I have been working on Debian for about 10 years, and for two years I have been working for SVC, the Austrian e-health system company. The talk is about the system, which is in parts based on and run by Debian. That's why I'm giving the talk here.

First I'm going to give you a short overview of what I will cover. The first part will be a description of what the company actually is, then what the Austrian e-card is and what it is for, then the e-card project itself, and the last part might be the most interesting for those who are interested in the technical aspects, which will be explained in more detail later in the week. This talk is sort of split into two parts: the part today for the general public, and the part which goes more into the details and the issues we are facing. That part will be held on Friday.

So, chip cards. Yes, the company for running the system, and it was established in February 2001 by paragraph 31 of the Austrian law. It is owned to 100% by the Hauptverband der Sozialversicherungsträger, which is the main association of the Austrian
social security insurance institutions. It is organized as a private limited company; this is what the Ges.m.b.H. means. And the mission of the company is to establish, to implement, to operate and to extend the ELSY, which is the electronic system for a multi-applicative smart card system within the Austrian social security sector. And yeah, the know-how of system development and operation is also based within our company, especially in the area of health telematics and e-government. So the e-card system is not only for health care but also for e-government. I will shortly cover that, but it's more or less a side topic.

Now a short overview about what the Austrian e-card actually looks like and what it stores. The e-card has two sides. One is the front side, which has the chip on it. It stores the title, academic title, first name, last name, the social security number, which is an insurance number unique to the person, and the card number on the left-hand side below the chip. On the back side it is the European health card, which can be used in any country, not only limited to the European Union but also across the world. If you have a health problem, you can use this card to get identified and get the service of the medical practice. It also stores mostly the same information which is on the front side, additionally some unique identifier number and the date until which it is valid, and also which insurance company you're enrolled with.

The key card principle means: the e-card contains identification data like a unique key, all this information that is printed on it. The only additional data that is not printed on the card itself is the sex of the person. That's also stored on the card, but that's the only non-visible information stored on the card. It is not a carrier of applications; the applications are stored on the systems of the practices. It is meant as an access key, and it just works as an access key to the
system-based services, and this access key is unique within the whole system. There are some RSA keys and some hashes used on the chip, which are meant to identify you and make the communication between the doctor and the insurance company encrypted and safe. Lost tokens, lost key cards get locked through the system so that they cannot get abused.

The extended vision of the e-card usage includes social security. It is meant to replace all paper-based health insurance vouchers. It mostly did that in very big parts already: when you go to the doctor you just give them your e-card. You don't get any paper anymore from your company with which you go to the doctor; you just go directly with the e-card to your doctor. Also, there is this system called AUM, Arbeitsunfähigkeitsmeldung, which means that you are not able to work, which gets stored in the system, and you get the payment form from the insurance company and things like that. And there are also quite a lot of other subsystems which were done through paperwork in the early years and which are now electronic based.

You have the key card for secure handling of medical transactions, like the practitioner sends the data of your consultation to your insurance company and gets the payment for that. All this is done through the system.

E-government: there's also a try to get a sort of Bürgerkarte, or citizen card, and the e-card is ready to host the information for the citizen card, with which you can do government bureaucratic things. You don't have to go to the different places anymore; you can do that online with your e-card if you have it extended to be a citizen card. And yeah, there are also some other applications for third parties which might use this in the future.
There are not very many of them. I think I'm not really aware of a single one right now, but there might be future uses in that direction. And also e-commerce: there are some cryptographic tokens which are still unused on the chip card which might be used in that direction.

The e-card project is divided into several sub-projects. The main sub-project is the system integration, to get all of this working. The consultation system: when you are at the doctor, you put the chip card in and this consultation information is sent to the insurance company for payment. The card system itself, like the card reader and things like that, and also the network, which I will cover later a bit more deeply. A call center, of course, for problems that the different practices might have with their hardware. Rollout and training for how to use the system. At last, the administration client of social security institutions. In hospitals, they usually don't have a single system. They have bigger installations and require to be able to administer all of these themselves, like network IP address assignment and things like that, and adjustment to the special environment. This can be done on their own. And there are also medical software producers who use a SOAP interface that is available through the system and can do additional services for the doctors.

Now a short overview about the time. It was started in 2001, but in the first two years there were more or less quite a fair amount of problems to really get it started and rolling. The sub-projects or partial projects were put into place between 2003 and 2004. The implementations started in 2004. At the end of 2004 there were the first pilot medical practices put into live test operations in 2005, and the nationwide rollout started in 2005.

Now I'm coming to the probably most important or most interesting part of the talk: the GIN, the Austrian health information network. GIN stands for Gesundheits
Informations Netz, and yeah, that's the English term then. What is GIN? It's the e-health Internet. It's the connection of the physicians, pharmacists and hospitals over a broadband technology. It uses DSL or cable modems, leased lines. It uses an MPLS backbone for quality of service assurance reasons, so that there is an ensured minimum bandwidth available, which is required for a reason that I will explain shortly after that. Centralized assignment rules: there's a database server within our data center in Vienna which runs the whole system and stores all the consultation information, especially for payment reasons to the insurance companies, and there's a centralized management of the complete network.

Why was the GIN established? For high requirements concerning security, quality, availability, and that it's scalable for up to one gigabit access for, for instance, hospitals, which have, like mentioned, not just one system like a local practitioner. They usually have a fair amount more.

Here's a short overview picture of the infrastructure. On the top left we have our data center, where all the consultation information gets stored and all the information about who has an e-card and who is allowed to get serviced by the practices. In the middle there's the GIN, which is scattered around the whole country of Austria. There are the social insurance institutions, which also offer additional services, and there in the GIN network you have the pharmacists, physicians, hospitals and the like. And there are also some value-added services, like the formerly mentioned citizen card thing and some other similar things that would like to offer service through this network.

To make this all possible there is sort of a peering point required, and this can be seen as the firewall to the internet. It rules who is allowed to get to which services outside the GIN network, and it's there for security reasons mostly. It was also split into its own company so
that everything is clearly defined, who is responsible for what part.

Now we come to the Debian system, actually. The medical practice unit, MPU: we usually call it GINA, for Gesundheits-Informations-Netz-Adapter, which is the practice unit. This is the hardware that is at the practitioner directly. On the right-hand side at the top you see the old system. The card reader will remain the same for the foreseeable future. There are currently talks about getting new hardware for that done, but it most likely will be the same. It's also Linux based, but there's no Debian running on the card reader. The box below is currently MIPS hardware, which is five years old or even more and just has 256 megabytes of RAM and also flash. There are no movable parts in the system, so no ventilation or anything like that, because it has to be in practices' offices and therefore has to be absolutely quiet. There are quite strict regulations with respect to that and other requirements.

We are currently in the rollout of new hardware, which will be Atom-based with hyperthreading, one gig of RAM, four gig of SSD, solid state disks, and it has a TPM module, which we use to store the client certificate. All the communication between the boxes at the practices and the central system is encrypted for security reasons.

To get an overview about some numbers: there are around 12,000 clients spread all over Austria, from the far west to the far east, and all these need to get replaced with the new hardware. So that will be quite a task. Gladly, it's not done by our company but by the providers. They have the technicians that drive to the practices to exchange them.

We do software updates to the systems twice a year. It is done in four steps.
First, the medical software producers get the new software first, so they can adapt to the new interfaces that are offered for different subsystems. The second phase is the servers: the database gets adjusted for the changes required for the new software rollout. Then there is the 300, which means a sort of small rollout to just about 300 clients, in which we test if the update really works. There are a lot of internal quality assurance tests, like you might expect, but we need to test it in the field, because the field has, in some specific areas, a completely different environment than what we can do internally. So we first have this rollout of three hundred, and if everything goes properly with that, the rest of the world, or the rest of the twelve thousand systems, gets updated in one single night. And this is quite a stress test for the whole system, bandwidth-wise and everything else, because sometimes you don't reach one of the GINA boxes anymore and you will have to get them back to a decent state. Because when there is really a problem with about 1,000 boxes or so, you can't send out that many technicians.

So the base system is currently Lenny. There are a few additional packages, which are mostly for internal use, for software distribution reasons. The software distribution part is actually also part of a package, and we roll that out first and then do the dist-upgrade afterwards. There is a specific rescue partition, which usually is not touched during the rollout but some few weeks later, so that we have a fallback point. The application stack which the practices use is Java based. There's some hotfix mechanism in there to be able to update some of the bundles that get rolled out for them.

The rescue system is a specific partition which gets booted when the system is not able to boot for ten times in a row into the application. So when the application doesn't
start up properly, you can always do a rescue, and the box gets reset to a known good state from which you at least should be able to log into it again and do the investigation of what's going on, what's the problem. In case the rescue system doesn't fix the issue, there is a technician who has to get on site. But those are usually hardware issues then and not software related ones.

So that's more or less this part of the talk. Here again the name of the company for your amusement. And like mentioned, on Friday I will go into a bit more detail with respect to the technical aspects of the system, like the issues we are facing with having to update 12,000 boxes in one night. And if you have any questions, please bring them up now.

Austria was famous for its certificates on a mobile phone for a while. So does it mean that now both can be used interchangeably, both the card and the certificate on a mobile phone?

You mean for the citizen card? I'm not really involved in that part, but yes, the citizen card isn't really... you're not required to have one, and actually any chip card usually is able to work as a citizen card. It was one of the requirements for the e-card system that it's possible to use it as a citizen card, but you're free to use any other cards or, like you mentioned, a mobile phone for the citizen card, for the e-government thing.

I have another question concerning this health system. Are the patients' records retained? Are they still at the hospitals or at the primary health care, or are they in your company?

In our system we only store the consultation information that is required for the payment between the doctors and the insurance companies. So there's no patient data stored besides the unique key of the card. But there's some sort of anonymization: the card gets another unique key that isn't directly related to you as a person, and someone having this key is not able to figure out that it would be you.

You mean a one-way function?
Yes.

Why do you have such a large data center? For ragging, yeah, and else?

Well, the system is quite big, with 12,000 clients across, and health care is a really critical system. So there is a lot of standby service for when there's an issue, and there's a lot of data running over this. When you go into a hospital and see how many people are constantly getting service there, you may be able to imagine what amount of data is flowing through the system actually. It's a very huge amount of data that is running through this system, and because all of it is done through encrypted channels, there's also a lot of processing power involved to get this data properly processed and in time. Because when you have an emergency you don't want to wait a minute or longer for the return of whether you are allowed to get serviced or not.

Is it HL7 data? HL7 standard data?

Um, I'm not really sure about that. I don't have that information, sorry.

And did you as a company provide all the necessary applications for everything, or just some part, maybe the network part, or what?

Well, there are different applications that are offered by our company, like I mentioned that AUM, when you are not able to work anymore, or when you're sent from one doctor to another, that's also another subsystem. Currently we have rolled out a test system for e-medication, where interactions between different medications are checked and presented to the doctor. This is just a test system for now, but things like that are running through our system. There are always the medical software producers who can do additional services on top of our stack, and there are some people doing that.

The question was because of this reason.
There is a primary health care, and there is, let's say, an application for the primary health care; then there are special applications, for example for laboratory; and then there is a hospital information system with all the different modules. It's pretty complicated. And then some special applications such as radiology, whatever. So, speaking about the public part of the health care, I assume that you have a public part and, let's say, a private part. Is it centralized? Is it...?

No, no, this is just for patient payment related things. Specific software which might be used at a doctor, like for a dentist who likes to store all the X-ray files for teeth and stuff, this is absolutely not covered by this. You might want to talk to Andreas Tille, who is related to the Debian Med project, but this system is completely unrelated to Debian Med because it has a completely different aim or target.

Thank you.

Finally... So I have several questions by the people on IRC that are watching your talk remotely. Okay, I have several questions from the people watching your talk remotely, and they are asking by IRC. So I have two questions that can be put together. That is: do they use a standard Debian system, or do they have to use their own Linux kernel and so on? And if there was any software in the base system, other than the internal application, that needed to be added to Debian to support the project.

I have an understanding problem.

Okay. There are two questions. Better now?
Yeah.

There are two questions. The first one was: was there any software in the base of Debian that needed to be added for supporting the system, your application and so on, besides what you have in Debian? And another question that is coupled with this one is whether you use a Debian standard system and whether you need a modified kernel.

For the first part: the kernel is especially tailored for the system. With respect to the old hardware, for Java there was this IBM J9, which only offered Java up till 1.3, which is quite ancient nowadays. But there is no newer virtual machine for MIPS hardware that we were able to use. So we are very glad that this new hardware is now Intel based, to be able to offer a more recent Java stack for the application developers. I shortly mentioned there are not very many additional packages, mostly for the system itself. The applications that are offered to the practices: you can hook a monitor and keyboard into the system directly and use it directly. There's a web interface offered. If you hook the monitor and keyboard into it, you technically get an Emacs that displays the same web interface that you can get if you go directly with a web browser to the system, and through that you work with the system.

The following question is related to the hardware. They are wondering why you are using Atom and not, for example, ARM.

ARM? Yes. In the offers for the new hardware there was ARM proposed, but it actually didn't deliver the benchmarks that we required for the CPU, especially with respect to OpenSSL and signing. There's no floating point unit in the ARM processor, and this was one of the issues why the ARM offer was denied.

And the final question is a bit off topic. They are wondering if you could compare the Austrian system with the German one or another country. It's a bit off topic: if you could compare the Austrian system with another country like Germany.

In Germany there's a lot of talk going on.
I think the system in Germany is not fully established yet, and there's a lot of press talk going on which might be true or might not be completely true. There's of course the ELGA, the electronic health act, a hot topic also in Austria, which would mean to store more patient data. But this is nothing our company is pushing or pressing forward. We actually would have to implement what the government decides in that respect. In our system there's just the consultation information currently stored and not very much more.

You mentioned...

Yes?

You mentioned there's a second key on the card that's not connected to the individual directly.

Yeah, there are several keys, and there's also some more space on the card, which might be used for future expansions or future other services. It's not fully used yet. It has 52 kilobytes of data storage, which doesn't seem a lot, but if you count the characters that are in a usual name, it might still be very much. And there are just the keys stored, the encryption unique token which identifies you to the system. The additional keys: one of them might be used for a citizen card and, like mentioned, future improvements in that area.

So none of the secondary keys are used for health care?

No.

And how much capacity is typically occupied now?

Pardon?

And how much of the 52 K is currently in use, typically?

I'm not really aware of that, but it's definitely on the lower side. These are the new generation cards; the former cards had like 32 or 36, I'm not completely sure. And they also weren't completely used.

One practical question. What would be the minimum requirements for someone new to the system to join it?
Infrastructure-wise, you have a contract with your provider and you sort of lease the hardware from them, and that's practically it. From what I understood, the requirements for the bandwidth don't require you to have a very high bandwidth connection. It's rather on the low side, but there are special requirements for the minimum bandwidth that is ensured at all times.

What I wanted to know: do you need to lease a special line, like a VPLS?

No, no, it doesn't have to be a leased line. Any DSL connection.

Just a plain internet line?

Yeah.

There's one more question from IRC. They wanted to know the cost of the Atom box.

The cost of the Atom box? I fear I'm not allowed to give that information even if I had it, but I don't. So I was not directly involved in the decision, and especially in the financial part of the decision.

So you were saying you were using Java for a lot of your domain-specific application stack. Do you use the Debian mechanism to update that as well?

Pardon?

You said that a lot of your software was written in Java.

Yes, for the MPU.

Do you use Debian mechanisms to update that part?

No, the Java bundles, so-called bundles, are outside the Debian package system. More or less there is a revision number stored in the bundle, and if there's a different revision available on the web, it downloads a list of the available bundles and fetches the ones that are newer on the side. The metadata overhead would be, bandwidth-wise, not the best option, to put all these into Debian packages.

So if there are no more questions, I thank you very much for your attention. These are the websites. On chipkarte.at you can even find, for fulfilling the GPL, you can download the sources of the packages that we have installed, besides our own stuff that is mostly for internal use. But thank you for your attention. See you around.